Moderate CentOS ModemManager Security Update

Metadata

medium
5.0
ModemManager-1.1.0-8.git20130913.el7.i686.rpm, ModemManager-1.1.0-8.git20130913.el7.x86_64.rpm, ModemManager-devel-1.1.0-8.git20130913.el7.i686.rpm, ModemManager-devel-1.1.0-8.git20130913.el7.x86_64.rpm, ModemManager-glib-1.1.0-8.git20130913.el7.i686.rpm, ModemManager-glib-1.1.0-8.git20130913.el7.x86_64.rpm, ModemManager-glib-devel-1.1.0-8.git20130913.el7.i686.rpm, ModemManager-glib-devel-1.1.0-8.git20130913.el7.x86_64.rpm, ModemManager-vala-1.1.0-8.git20130913.el7.x86_64.rpm, NetworkManager-1.0.6-27.el7.x86_64.rpm, NetworkManager-adsl-1.0.6-27.el7.x86_64.rpm, NetworkManager-bluetooth-1.0.6-27.el7.x86_64.rpm, NetworkManager-config-routing-rules-1.0.6-27.el7.x86_64.rpm, NetworkManager-config-server-1.0.6-27.el7.x86_64.rpm, NetworkManager-devel-1.0.6-27.el7.i686.rpm, NetworkManager-devel-1.0.6-27.el7.x86_64.rpm, NetworkManager-glib-1.0.6-27.el7.i686.rpm, NetworkManager-glib-1.0.6-27.el7.x86_64.rpm, NetworkManager-glib-devel-1.0.6-27.el7.i686.rpm, NetworkManager-glib-devel-1.0.6-27.el7.x86_64.rpm, NetworkManager-libnm-1.0.6-27.el7.i686.rpm, NetworkManager-libnm-1.0.6-27.el7.x86_64.rpm, NetworkManager-libnm-devel-1.0.6-27.el7.i686.rpm, NetworkManager-libnm-devel-1.0.6-27.el7.x86_64.rpm, NetworkManager-libreswan-1.0.6-3.el7.x86_64.rpm, NetworkManager-libreswan-gnome-1.0.6-3.el7.x86_64.rpm, NetworkManager-team-1.0.6-27.el7.x86_64.rpm, NetworkManager-tui-1.0.6-27.el7.x86_64.rpm, NetworkManager-wifi-1.0.6-27.el7.x86_64.rpm, NetworkManager-wwan-1.0.6-27.el7.x86_64.rpm, libnm-gtk-1.0.6-2.el7.i686.rpm, libnm-gtk-1.0.6-2.el7.x86_64.rpm, libnm-gtk-devel-1.0.6-2.el7.i686.rpm, libnm-gtk-devel-1.0.6-2.el7.x86_64.rpm, network-manager-applet-1.0.6-2.el7.x86_64.rpm, nm-connection-editor-1.0.6-2.el7.x86_64.rpm
CVE-2015-0272, CVE-2015-2924
rhn.redhat.com, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org
2015-11-30
2017-07-27 19:10
CVE-2015-0272 network-manager
CVE-2015-2924 network-manager
CVE-2015-2924
CVE-2015-0272
2017-04-01 19:09
2017-01-05 20:13

Description


Updated NetworkManager packages that fix two security issues, several bugs,
and add various enhancements are now available for Red Hat Enterprise
Linux 7.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

NetworkManager is a system network service that manages network devices
and connections.

It was discovered that NetworkManager would set device MTUs based on MTU
values received in IPv6 RAs (Router Advertisements), without sanity
checking the MTU value first. A remote attacker could exploit this flaw to
create a denial of service attack, by sending a specially crafted IPv6 RA
packet to disturb IPv6 communication. (CVE-2015-0272)

A flaw was found in the way NetworkManager handled router advertisements.
An unprivileged user on a local network could use IPv6 Neighbor Discovery
ICMP to broadcast a non-route with a low hop limit, causing machines to
lower the hop limit on existing IPv6 routes. If this limit is small enough,
IPv6 packets would be dropped before reaching the final destination.
(CVE-2015-2924)
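The sanity checks whose absence both flaws describe, as an added example (not NetworkManager's or Red Hat's code): a parser that takes the MTU option and Cur Hop Limit from a Router Advertisement and ignores out-of-range values. The name `ra_sanitize`, the struct, and the hop-limit floor of 32 are hypothetical; the 1280-byte minimum and the "not above the link MTU" bound follow the IPv6 and Neighbor Discovery specifications.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RA_TYPE 134          /* ICMPv6 Router Advertisement */
#define RA_HDR_LEN 16        /* fixed RA header before the options */
#define OPT_MTU 5            /* Neighbor Discovery MTU option */
#define IPV6_MIN_MTU 1280u   /* minimum IPv6 link MTU in bytes */
struct ra_values { uint32_t mtu; uint8_t hop_limit; }; /* 0 = keep current value */

/* Hypothetical helper: returns 0 on success, -1 if the RA is malformed. */
int ra_sanitize(const uint8_t *p, size_t len, uint32_t link_mtu,
                uint8_t min_hop_limit, struct ra_values *out)
{
    *out = (struct ra_values){0, 0};
    if (len < RA_HDR_LEN || p[0] != RA_TYPE || p[1] != 0)
        return -1;
    if (p[4] >= min_hop_limit)       /* Cur Hop Limit; below the floor is ignored */
        out->hop_limit = p[4];
    for (size_t off = RA_HDR_LEN; off < len; ) {
        if (len - off < 8)
            return -1;               /* options come in 8-byte units */
        size_t opt_len = (size_t)p[off + 1] * 8;
        if (opt_len == 0 || opt_len > len - off)
            return -1;
        if (p[off] == OPT_MTU) {
            if (opt_len != 8)
                return -1;
            uint32_t mtu = ((uint32_t)p[off + 4] << 24) | ((uint32_t)p[off + 5] << 16)
                         | ((uint32_t)p[off + 6] << 8) | (uint32_t)p[off + 7];
            if (mtu >= IPV6_MIN_MTU && mtu <= link_mtu)
                out->mtu = mtu;      /* out-of-range MTUs are ignored */
        }
        off += opt_len;
    }
    return 0;
}

/* Constructed sample RAs (checksum zeroed): hop limit 64 + MTU 1500, hop limit 1 + MTU 68. */
static const uint8_t RA_SANE[24] = {134,0,0,0, 64,0,7,8, 0,0,0,0, 0,0,0,0, 5,1,0,0, 0,0,5,220};
static const uint8_t RA_TINY[24] = {134,0,0,0, 1,0,7,8, 0,0,0,0, 0,0,0,0, 5,1,0,0, 0,0,0,68};

int main(void)
{
    struct ra_values a, b;
    ra_sanitize(RA_SANE, sizeof RA_SANE, 1500, 32, &a);
    ra_sanitize(RA_TINY, sizeof RA_TINY, 1500, 32, &b);
    printf("sane mtu=%u hop=%d, tiny mtu=%u hop=%d\n", (unsigned)a.mtu, a.hop_limit, (unsigned)b.mtu, b.hop_limit);
    return 0;
}
```

A result of 0 in either field means the advertised value was rejected and the interface keeps its current setting.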

The network-manager-applet and NetworkManager-libreswan packages have been
upgraded to upstream versions 1.0.6, and provide a number of bug fixes and
enhancements over the previous versions. (BZ#1177582, BZ#1243057)

Bugs:

* It was not previously possible to set the Wi-Fi band to the "a" or "bg"
values to lock to a specific frequency band. NetworkManager has been fixed,
and it now sets the wpa_supplicant's "freq_list" option correctly, which
enables proper Wi-Fi band locking. (BZ#1254461)

* NetworkManager immediately failed activation of devices that did not have
a carrier early in the boot process. The legacy network.service then
reported activation failure. Now, NetworkManager has a grace period during
which it waits for the carrier to appear. Devices that have a carrier down
for a short time on system startup no longer cause the legacy
network.service to fail. (BZ#1079353)

* NetworkManager brought down a team device if the teamd service managing
it exited unexpectedly, and the team device was deactivated. Now,
NetworkManager respawns the teamd instances that disappear and is able to
recover from a teamd failure avoiding disruption of the team device
operation. (BZ#1145988)

* NetworkManager did not send the FQDN DHCP option even if host name was
set to FQDN. Consequently, Dynamic DNS (DDNS) setups failed to update the
DNS records for clients running NetworkManager. Now, NetworkManager sends
the FQDN option with DHCP requests, and the DHCP server is able to create
DNS records for such clients. (BZ#1212597)

* The command-line client was not validating the vlan.flags property
correctly, and a spurious warning message was displayed when the nmcli tool
worked with VLAN connections. The validation routine has been fixed, and
the warning message no longer appears. (BZ#1244048)

* NetworkManager did not propagate a media access control (MAC) address
change from a bonding interface to a VLAN interface on top of it.
Consequently, a VLAN interface on top of a bond used an incorrect MAC
address. Now, NetworkManager synchronizes the addresses correctly.
(BZ#1264322)

Enhancements:

* IPv6 Privacy extensions are now enabled by default. NetworkManager checks
the per-network configuration files, NetworkManager.conf, and then falls
back to "/proc/sys/net/ipv6/conf/default/use_tempaddr" to determine and set
IPv6 privacy settings at device activation. (BZ#1187525)

* The NetworkManager command-line tool, nmcli, now allows setting the
wake-on-lan property to 0 ("none", "disable", "disabled"). (BZ#1260584)

* NetworkManager now provides information about metered connections.
(BZ#1200452)

* NetworkManager daemon and the connection editor now support setting the
Maximum Transmission Unit (MTU) of a bond. It is now possible to change MTU
of a bond interface in a GUI. (BZ#1177582, BZ#1177860)

* NetworkManager daemon and the connection editor now support setting the
MTU of a team, so the MTU of a teaming interface can be changed. (BZ#1255927)

NetworkManager users are advised to upgrade to these updated packages,
which correct these issues and add these enhancements.
Please see https://www.redhat.com/footer/terms-of-use.html

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unreleased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages, and tells you if any of them are vulnerable.


Affected package information

Release | Package | Patched in
7 | libnm-gtk | libnm-gtk-1.0.6-2.el7.x86_64.rpm
7 | libnm-gtk | libnm-gtk-1.0.6-2.el7.i686.rpm
7 | libnm-gtk-devel | libnm-gtk-devel-1.0.6-2.el7.i686.rpm
7 | libnm-gtk-devel | libnm-gtk-devel-1.0.6-2.el7.x86_64.rpm
7 | ModemManager | ModemManager-1.1.0-8.git20130913.el7.x86_64.rpm
7 | ModemManager | ModemManager-1.1.0-8.git20130913.el7.i686.rpm
7 | ModemManager-devel | ModemManager-devel-1.1.0-8.git20130913.el7.x86_64.rpm
7 | ModemManager-devel | ModemManager-devel-1.1.0-8.git20130913.el7.i686.rpm
7 | ModemManager-glib | ModemManager-glib-1.1.0-8.git20130913.el7.i686.rpm
7 | ModemManager-glib | ModemManager-glib-1.1.0-8.git20130913.el7.x86_64.rpm
7 | ModemManager-glib-devel | ModemManager-glib-devel-1.1.0-8.git20130913.el7.i686.rpm
7 | ModemManager-glib-devel | ModemManager-glib-devel-1.1.0-8.git20130913.el7.x86_64.rpm
7 | ModemManager-vala | ModemManager-vala-1.1.0-8.git20130913.el7.x86_64.rpm
7 | NetworkManager | NetworkManager-1.0.6-27.el7.x86_64.rpm
7 | NetworkManager-adsl | NetworkManager-adsl-1.0.6-27.el7.x86_64.rpm
7 | network-manager-applet | network-manager-applet-1.0.6-2.el7.x86_64.rpm
7 | NetworkManager-bluetooth | NetworkManager-bluetooth-1.0.6-27.el7.x86_64.rpm
7 | NetworkManager-config-routing-rules | NetworkManager-config-routing-rules-1.0.6-27.el7.x86_64.rpm
7 | NetworkManager-config-server | NetworkManager-config-server-1.0.6-27.el7.x86_64.rpm
7 | NetworkManager-devel | NetworkManager-devel-1.0.6-27.el7.x86_64.rpm
7 | NetworkManager-devel | NetworkManager-devel-1.0.6-27.el7.i686.rpm
7 | NetworkManager-glib | NetworkManager-glib-1.0.6-27.el7.x86_64.rpm
7 | NetworkManager-glib | NetworkManager-glib-1.0.6-27.el7.i686.rpm
7 | NetworkManager-glib-devel | NetworkManager-glib-devel-1.0.6-27.el7.i686.rpm
7 | NetworkManager-glib-devel | NetworkManager-glib-devel-1.0.6-27.el7.x86_64.rpm
7 | NetworkManager-libnm | NetworkManager-libnm-1.0.6-27.el7.i686.rpm
7 | NetworkManager-libnm | NetworkManager-libnm-1.0.6-27.el7.x86_64.rpm
7 | NetworkManager-libnm-devel | NetworkManager-libnm-devel-1.0.6-27.el7.i686.rpm
7 | NetworkManager-libnm-devel | NetworkManager-libnm-devel-1.0.6-27.el7.x86_64.rpm
7 | NetworkManager-libreswan | NetworkManager-libreswan-1.0.6-3.el7.x86_64.rpm
7 | NetworkManager-libreswan-gnome | NetworkManager-libreswan-gnome-1.0.6-3.el7.x86_64.rpm
7 | NetworkManager-team | NetworkManager-team-1.0.6-27.el7.x86_64.rpm
7 | NetworkManager-tui | NetworkManager-tui-1.0.6-27.el7.x86_64.rpm
7 | NetworkManager-wifi | NetworkManager-wifi-1.0.6-27.el7.x86_64.rpm
7 | NetworkManager-wwan | NetworkManager-wwan-1.0.6-27.el7.x86_64.rpm
7 | nm-connection-editor | nm-connection-editor-1.0.6-2.el7.x86_64.rpm